Ismael Juma created KAFKA-3665:
----------------------------------

Summary: Default ssl.endpoint.identification.algorithm should be https
Key: KAFKA-3665
URL: https://issues.apache.org/jira/browse/KAFKA-3665
Project: Kafka
Issue Type: Bug
Components: security
Affects Versions: 0.9.0.1
Reporter: Ismael Juma
Assignee: Ismael Juma
Fix For: 0.10.0.0

The default `ssl.endpoint.identification.algorithm` is `null` which is not a secure default (man in the middle attacks are possible). We should probably use `https` instead.

A paper on the topic (thanks to Ryan Pridgeon for the reference):

http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
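
A check for this setting in client configuration, as an added example that is not part of the original issue or of Kafka's code: it reads the text of a client `.properties` file and reports whether a TLS connection would run without hostname verification. The function names, the verdict strings, the sample configs and the case-insensitive match on `https` are assumptions of the example.

```python
# Added example, not Kafka code. Sample configs below are constructed.
KEY = "ssl.endpoint.identification.algorithm"
TLS_PROTOCOLS = {"SSL", "SASL_SSL"}  # security.protocol values that use TLS


def parse_properties(text):
    """Minimal .properties reader: 'key=value' or 'key:value', '#'/'!' comments.
    Line continuations and escapes are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on whichever separator ('=' or ':') comes first.
        found = [i for i in (line.find("="), line.find(":")) if i != -1]
        pos = min(found, default=len(line))
        props[line[:pos].strip()] = line[pos + 1:].strip()
    return props


def audit(text, default_algorithm=None):
    """Classify one client config; returns (verdict, effective_value).

    default_algorithm is the value used when the key is absent; None mirrors
    the default reported in KAFKA-3665.
    """
    props = parse_properties(text)
    protocol = props.get("security.protocol", "PLAINTEXT").upper()
    if protocol not in TLS_PROTOCOLS:
        return ("no-tls", None)
    value = props[KEY] if KEY in props else default_algorithm
    value = value or None  # an explicitly empty value also leaves the check off
    # Case-insensitive comparison is an assumption of this example.
    if value is not None and value.lower() == "https":
        return ("hostname-verified", value)
    return ("no-hostname-check", value)


# Constructed sample configs
UNSET = """
bootstrap.servers=broker1.example.com:9093
security.protocol=SSL
ssl.truststore.location=/etc/kafka/client.truststore.jks
"""
EXPLICIT = UNSET + "ssl.endpoint.identification.algorithm=https\n"
EMPTY = UNSET + "ssl.endpoint.identification.algorithm=\n"
PLAIN = "bootstrap.servers=broker1.example.com:9092\n"

if __name__ == "__main__":
    for name, cfg in [("UNSET", UNSET), ("EXPLICIT", EXPLICIT), ("EMPTY", EMPTY), ("PLAIN", PLAIN)]:
        print(name, audit(cfg))
```

Passing `default_algorithm="https"` models a client whose built-in default is already `https`, so the same configs can be re-checked against either default.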